hi pedro !!! thanks for your help. but this only solved my routing problems on the lrp2-side. actually the isdn-connection is always started by lrp2.
can i add a second route to the lrp2 on the fw ? (ro add 192.168.1.0 via portmaster metric 2) how will fw know, if the ipsec-link on lrp1 is down ?? could this work ? thanks & bye stefan Am 03.10.2001 12:28:14, schrieb "Pedro Barreto" <[EMAIL PROTECTED]>: >hi Stefan, > >if you have some piece of software that will automatically connect the >isdn line when traffic is received on the isdn device, you could add >another default route with a higher metric, like: > >ip r add default dev $isdn_dev via $isdn_ip metric 2 >(assuming the first default route has a metric of 1) > >but that might bring the isdn line when the internet link is too >saturated. > >you can also try to create a script to ping LRP2 box trough LRP1 and >should that ping fail bring on the isdn interface, that script could go >to the cron.d (every 2 minutes "*/2 * * * *") > >the script might be like: > >#!/bin/bash >/bin/ping -w 2 -n -q -I $INTERNET_DEV -c 1 $LRP2_IP 2>&1 > /dev/null >if [ "$?" = "1" ]; then > ip r del default > bring_up_isdn() > ip r add default dev $ISDN_DEV >fi > >you could also add to this script functionality to bring down isdn when >internet is up again. > >that might help you, >pedro > > >> -----Original Message----- >> From: stefan [mailto:[EMAIL PROTECTED]] >> Sent: Wednesday, October 03, 2001 9:33 AM >> To: [EMAIL PROTECTED] >> Subject: [Leaf-user] routing question >> >> >> >> hi !! >> it's not really a LEAF-specific problem, but maybe a routing-pro >> reads this also - hopefully. >> i've connected two locations with ipseced-LRP-boxes, now i plan >> a backup with isdn, but i have some routing problems. >> >> >> the network looks like this: >> >> 192.168.1.0----LRP2-.-.-.-Internet-.-.-.-.-LRP1 >> | ipsec | >> | FW----10.1.1.0 >> | | >> | portmaster >> |__________isdn______________| >> >> >> the FW is running on solaris. portmaster is a RAS-server from >> lucent. >> i want the network to work on, if the internet connection fails, >> but i don't know which routing-protocols i can/should use to >> solve this. i'd be glad if there's an easy solution. >> i think the main "problem" is the firewall, which schould know, >> which route to the 192.168.1 network to use. >> >> >> thanks. >> >> stefan >> >> >> >> _______________________________________________ >> Leaf-user mailing list >> [EMAIL PROTECTED] >> https://lists.sourceforge.net/lists/listinfo/leaf-user >> > > _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
